bdaebd
%define contentdir %{_datadir}/httpd
bdaebd
%define docroot /var/www
bdaebd
%define suexec_caller apache
bdaebd
%define mmn 20120211
bdaebd
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
bdaebd
%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
bdaebd
%if 0%{?fedora} > 26 || 0%{?rhel} > 7
bdaebd
%global mpm event
bdaebd
%else
bdaebd
%global mpm prefork
bdaebd
%endif
bdaebd
bdaebd
Summary: Apache HTTP Server
bdaebd
Name: httpd
bdaebd
Version: 2.4.37
bdaebd
Release: 12%{?dist}
bdaebd
URL: https://httpd.apache.org/
bdaebd
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
bdaebd
Source1: index.html
bdaebd
Source2: httpd.logrotate
bdaebd
Source3: instance.conf
bdaebd
Source4: httpd-ssl-pass-dialog
bdaebd
Source5: httpd.tmpfiles
bdaebd
Source6: httpd.service
bdaebd
Source7: action-graceful.sh
bdaebd
Source8: action-configtest.sh
bdaebd
Source10: httpd.conf
bdaebd
Source11: 00-base.conf
bdaebd
Source12: 00-mpm.conf
bdaebd
Source13: 00-lua.conf
bdaebd
Source14: 01-cgi.conf
bdaebd
Source15: 00-dav.conf
bdaebd
Source16: 00-proxy.conf
bdaebd
Source17: 00-ssl.conf
bdaebd
Source18: 01-ldap.conf
bdaebd
Source19: 00-proxyhtml.conf
bdaebd
Source20: userdir.conf
bdaebd
Source21: ssl.conf
bdaebd
Source22: welcome.conf
bdaebd
Source23: manual.conf
bdaebd
Source24: 00-systemd.conf
bdaebd
Source25: 01-session.conf
bdaebd
Source26: 10-listen443.conf
bdaebd
Source27: httpd.socket
bdaebd
Source28: 00-optional.conf
bdaebd
Source29: 01-md.conf
bdaebd
# Documentation
bdaebd
Source30: README.confd
bdaebd
Source31: README.confmod
bdaebd
Source32: httpd.service.xml
bdaebd
Source33: htcacheclean.service.xml
bdaebd
Source34: httpd.conf.xml
bdaebd
Source40: htcacheclean.service
bdaebd
Source41: htcacheclean.sysconf
bdaebd
Source42: httpd-init.service
bdaebd
Source43: httpd-ssl-gencerts
bdaebd
Source44: httpd@.service
bdaebd
bdaebd
# build/scripts patches
bdaebd
# http://bugzilla.redhat.com/show_bug.cgi?id=1231924
bdaebd
# http://bugzilla.redhat.com/show_bug.cgi?id=842736
bdaebd
# http://bugzilla.redhat.com/show_bug.cgi?id=1214401
bdaebd
Patch1: httpd-2.4.35-apachectl.patch
bdaebd
Patch2: httpd-2.4.28-apxs.patch
bdaebd
Patch3: httpd-2.4.35-deplibs.patch
bdaebd
Patch4: httpd-2.4.35-layout.patch
bdaebd
bdaebd
# Needed for socket activation and mod_systemd patch
bdaebd
Patch19: httpd-2.4.35-detect-systemd.patch
bdaebd
bdaebd
# Features/functional changes
bdaebd
Patch20: httpd-2.4.32-export.patch
bdaebd
Patch21: httpd-2.4.35-corelimit.patch
bdaebd
Patch22: httpd-2.4.35-selinux.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1170215
bdaebd
Patch23: httpd-2.4.28-icons.patch
bdaebd
Patch24: httpd-2.4.35-systemd.patch
bdaebd
Patch25: httpd-2.4.35-cachehardmax.patch
bdaebd
Patch26: httpd-2.4.28-socket-activation.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1109119
bdaebd
Patch27: httpd-2.4.35-sslciphdefault.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1332242
bdaebd
Patch28: httpd-2.4.28-statements-comment.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=811714
bdaebd
Patch29: httpd-2.4.35-full-release.patch
bdaebd
Patch30: httpd-2.4.35-freebind.patch
bdaebd
Patch31: httpd-2.4.35-r1830819+.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1638738
bdaebd
Patch32: httpd-2.4.37-sslprotdefault.patch
bdaebd
bdaebd
# Bug fixes
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
bdaebd
Patch61: httpd-2.4.35-r1738878.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1170206
bdaebd
Patch62: httpd-2.4.35-r1633085.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1448892
bdaebd
Patch63: httpd-2.4.28-r1811831.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1602548
bdaebd
Patch65: httpd-2.4.35-r1842888.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1653009
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1672977
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1673022
bdaebd
Patch66: httpd-2.4.37-r1842929+.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1630432
bdaebd
Patch67: httpd-2.4.35-r1825120.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1670716
bdaebd
Patch68: httpd-2.4.37-fips-segfault.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1669221
bdaebd
Patch70: httpd-2.4.37-r1840554.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1673022
bdaebd
Patch71: httpd-2.4.37-mod-md-perms.patch
bdaebd
bdaebd
# Security fixes
bdaebd
Patch200: httpd-2.4.37-r1851471.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1694980
bdaebd
Patch201: httpd-2.4.37-CVE-2019-0211.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1695025
bdaebd
Patch202: httpd-2.4.37-CVE-2019-0215.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1696141
bdaebd
Patch203: httpd-2.4.37-CVE-2019-0217.patch
bdaebd
# https://bugzilla.redhat.com/show_bug.cgi?id=1696097
bdaebd
Patch204: httpd-2.4.37-CVE-2019-0220.patch
bdaebd
bdaebd
License: ASL 2.0
bdaebd
Group: System Environment/Daemons
bdaebd
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
bdaebd
BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto
bdaebd
BuildRequires: zlib-devel, libselinux-devel, lua-devel,  brotli-devel
bdaebd
BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0
bdaebd
BuildRequires: systemd-devel
bdaebd
Requires: /etc/mime.types, system-logos-httpd
bdaebd
Obsoletes: httpd-suexec
bdaebd
Provides: webserver
bdaebd
Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
bdaebd
Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
bdaebd
Requires: httpd-tools = %{version}-%{release}
bdaebd
Requires: httpd-filesystem = %{version}-%{release}
bdaebd
Requires: mod_http2
bdaebd
Requires(pre): httpd-filesystem
bdaebd
Requires(preun): systemd-units
bdaebd
Requires(postun): systemd-units
bdaebd
Requires(post): systemd-units
bdaebd
Conflicts: apr < 1.5.0-1
bdaebd
bdaebd
%description
bdaebd
The Apache HTTP Server is a powerful, efficient, and extensible
bdaebd
web server.
bdaebd
bdaebd
%package devel
bdaebd
Group: Development/Libraries
bdaebd
Summary: Development interfaces for the Apache HTTP server
bdaebd
Requires: apr-devel, apr-util-devel, pkgconfig
bdaebd
Requires: httpd = %{version}-%{release}
bdaebd
bdaebd
%description devel
bdaebd
The httpd-devel package contains the APXS binary and other files
bdaebd
that you need to build Dynamic Shared Objects (DSOs) for the
bdaebd
Apache HTTP Server.
bdaebd
bdaebd
If you are installing the Apache HTTP server and you want to be
bdaebd
able to compile or develop additional modules for Apache, you need
bdaebd
to install this package.
bdaebd
bdaebd
%package manual
bdaebd
Group: Documentation
bdaebd
Summary: Documentation for the Apache HTTP server
bdaebd
Requires: httpd = %{version}-%{release}
bdaebd
Obsoletes: secureweb-manual, apache-manual
bdaebd
BuildArch: noarch
bdaebd
bdaebd
%description manual
bdaebd
The httpd-manual package contains the complete manual and
bdaebd
reference guide for the Apache HTTP server. The information can
bdaebd
also be found at http://httpd.apache.org/docs/2.2/.
bdaebd
bdaebd
%package filesystem
bdaebd
Group: System Environment/Daemons
bdaebd
Summary: The basic directory layout for the Apache HTTP server
bdaebd
BuildArch: noarch
bdaebd
Requires(pre): /usr/sbin/useradd
bdaebd
bdaebd
%description filesystem
bdaebd
The httpd-filesystem package contains the basic directory layout
bdaebd
for the Apache HTTP server including the correct permissions
bdaebd
for the directories.
bdaebd
bdaebd
%package tools
bdaebd
Group: System Environment/Daemons
bdaebd
Summary: Tools for use with the Apache HTTP Server
bdaebd
bdaebd
%description tools
bdaebd
The httpd-tools package contains tools which can be used with 
bdaebd
the Apache HTTP Server.
bdaebd
bdaebd
%package -n mod_ssl
bdaebd
Group: System Environment/Daemons
bdaebd
Summary: SSL/TLS module for the Apache HTTP Server
bdaebd
Epoch: 1
bdaebd
BuildRequires: openssl-devel
bdaebd
Requires(pre): httpd-filesystem
bdaebd
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
bdaebd
Requires: sscg >= 2.2.0
bdaebd
Obsoletes: stronghold-mod_ssl
bdaebd
# Require an OpenSSL which supports PROFILE=SYSTEM
bdaebd
Conflicts: openssl-libs < 1:1.0.1h-4
bdaebd
bdaebd
%description -n mod_ssl
bdaebd
The mod_ssl module provides strong cryptography for the Apache Web
bdaebd
server via the Secure Sockets Layer (SSL) and Transport Layer
bdaebd
Security (TLS) protocols.
bdaebd
bdaebd
%package -n mod_md
bdaebd
Group: System Environment/Daemons
bdaebd
Summary: Certificate provisioning using ACME for the Apache HTTP Server
bdaebd
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
bdaebd
BuildRequires: jansson-devel, libcurl-devel
bdaebd
bdaebd
%description -n mod_md
bdaebd
This module manages common properties of domains for one or more
bdaebd
virtual hosts. Specifically it can use the ACME protocol (RFC Draft)
bdaebd
to automate certificate provisioning. These will be configured for
bdaebd
managed domains and their virtual hosts automatically. This includes
bdaebd
renewal of certificates before they expire.
bdaebd
bdaebd
%package -n mod_proxy_html
bdaebd
Group: System Environment/Daemons
bdaebd
Summary: HTML and XML content filters for the Apache HTTP Server
bdaebd
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
bdaebd
BuildRequires: libxml2-devel
bdaebd
Epoch: 1
bdaebd
Obsoletes: mod_proxy_html < 1:2.4.1-2
bdaebd
bdaebd
%description -n mod_proxy_html
bdaebd
The mod_proxy_html and mod_xml2enc modules provide filters which can
bdaebd
transform and modify HTML and XML content.
bdaebd
bdaebd
%package -n mod_ldap
bdaebd
Group: System Environment/Daemons
bdaebd
Summary: LDAP authentication modules for the Apache HTTP Server
bdaebd
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
bdaebd
Requires: apr-util-ldap
bdaebd
bdaebd
%description -n mod_ldap
bdaebd
The mod_ldap and mod_authnz_ldap modules add support for LDAP
bdaebd
authentication to the Apache HTTP Server.
bdaebd
bdaebd
%package -n mod_session
bdaebd
Group: System Environment/Daemons
bdaebd
Summary: Session interface for the Apache HTTP Server
bdaebd
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
bdaebd
bdaebd
%description -n mod_session
bdaebd
The mod_session module and associated backends provide an abstract
bdaebd
interface for storing and accessing per-user session data.
bdaebd
bdaebd
%prep
bdaebd
%setup -q
bdaebd
%patch1 -p1 -b .apctl
bdaebd
%patch2 -p1 -b .apxs
bdaebd
%patch3 -p1 -b .deplibs
bdaebd
%patch4 -p1 -b .layout
bdaebd
bdaebd
%patch19 -p1 -b .detectsystemd
bdaebd
%patch20 -p1 -b .export
bdaebd
%patch21 -p1 -b .corelimit
bdaebd
%patch22 -p1 -b .selinux
bdaebd
%patch23 -p1 -b .icons
bdaebd
%patch24 -p1 -b .systemd
bdaebd
%patch25 -p1 -b .cachehardmax
bdaebd
%patch26 -p1 -b .socketactivation
bdaebd
%patch27 -p1 -b .sslciphdefault
bdaebd
%patch28 -p1 -b .statementscomment
bdaebd
%patch29 -p1 -b .fullrelease
bdaebd
%patch30 -p1 -b .freebind
bdaebd
%patch31 -p1 -b .r1830819+
bdaebd
%patch32 -p1 -b .sslprotdefault
bdaebd
bdaebd
%patch61 -p1 -b .r1738878
bdaebd
%patch62 -p1 -b .r1633085
bdaebd
%patch63 -p1 -b .r1811831
bdaebd
%patch65 -p1 -b .r1842888
bdaebd
%patch66 -p1 -b .r1842929+
bdaebd
%patch67 -p1 -b .r1825120
bdaebd
%patch68 -p1 -b .fipscore
bdaebd
%patch70 -p1 -b .r1840554
bdaebd
%patch71 -p1 -b .modmdperms
bdaebd
bdaebd
%patch200 -p1 -b .r1851471
bdaebd
%patch201 -p1 -b .CVE-2019-0211
bdaebd
%patch202 -p1 -b .CVE-2019-0215
bdaebd
%patch203 -p1 -b .CVE-2019-0217
bdaebd
%patch204 -p1 -b .CVE-2019-0220
bdaebd
bdaebd
# Patch in the vendor string
bdaebd
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
bdaebd
sed -i 's/@RELEASE@/%{release}/' server/core.c
bdaebd
bdaebd
# Prevent use of setcap in "install-suexec-caps" target.
bdaebd
sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in
bdaebd
bdaebd
# Example conf for instances
bdaebd
cp $RPM_SOURCE_DIR/instance.conf .
bdaebd
sed < $RPM_SOURCE_DIR/httpd.conf >> instance.conf '
bdaebd
0,/^ServerRoot/d;
bdaebd
/# Supplemental configuration/,$d
bdaebd
/^ *CustomLog .logs/s,logs/,logs/${HTTPD_INSTANCE}_,
bdaebd
/^ *ErrorLog .logs/s,logs/,logs/${HTTPD_INSTANCE}_,
bdaebd
'
bdaebd
touch -r $RPM_SOURCE_DIR/instance.conf instance.conf
bdaebd
bdaebd
# Safety check: prevent build if defined MMN does not equal upstream MMN.
bdaebd
vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
bdaebd
if test "x${vmmn}" != "x%{mmn}"; then
bdaebd
   : Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}
bdaebd
   : Update the mmn macro and rebuild.
bdaebd
   exit 1
bdaebd
fi
bdaebd
bdaebd
sed '
bdaebd
s,@MPM@,%{mpm},g
bdaebd
s,@DOCROOT@,%{docroot},g
bdaebd
s,@LOGDIR@,%{_localstatedir}/log/httpd,g
bdaebd
' < $RPM_SOURCE_DIR/httpd.conf.xml \
bdaebd
    > httpd.conf.xml
bdaebd
bdaebd
xmlto man ./httpd.conf.xml
bdaebd
xmlto man $RPM_SOURCE_DIR/htcacheclean.service.xml
bdaebd
xmlto man $RPM_SOURCE_DIR/httpd.service.xml
bdaebd
bdaebd
: Building with MMN %{mmn}, MMN-ISA %{mmnisa}
bdaebd
: Default MPM is %{mpm}, vendor string is '%{vstring}'
bdaebd
bdaebd
%build
bdaebd
# forcibly prevent use of bundled apr, apr-util, pcre
bdaebd
rm -rf srclib/{apr,apr-util,pcre}
bdaebd
bdaebd
# regenerate configure scripts
bdaebd
autoheader && autoconf || exit 1
bdaebd
bdaebd
# Before configure; fix location of build dir in generated apxs
bdaebd
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
bdaebd
	support/apxs.in
bdaebd
bdaebd
export CFLAGS=$RPM_OPT_FLAGS
bdaebd
export LDFLAGS="-Wl,-z,relro,-z,now"
bdaebd
bdaebd
# Hard-code path to links to avoid unnecessary builddep
bdaebd
export LYNX_PATH=/usr/bin/links
bdaebd
bdaebd
# Build the daemon
bdaebd
./configure \
bdaebd
        --prefix=%{_sysconfdir}/httpd \
bdaebd
        --exec-prefix=%{_prefix} \
bdaebd
        --bindir=%{_bindir} \
bdaebd
        --sbindir=%{_sbindir} \
bdaebd
        --mandir=%{_mandir} \
bdaebd
        --libdir=%{_libdir} \
bdaebd
        --sysconfdir=%{_sysconfdir}/httpd/conf \
bdaebd
        --includedir=%{_includedir}/httpd \
bdaebd
        --libexecdir=%{_libdir}/httpd/modules \
bdaebd
        --datadir=%{contentdir} \
bdaebd
        --enable-layout=Fedora \
bdaebd
        --with-installbuilddir=%{_libdir}/httpd/build \
bdaebd
        --enable-mpms-shared=all \
bdaebd
        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
bdaebd
        --enable-suexec --with-suexec \
bdaebd
        --enable-suexec-capabilities \
bdaebd
        --with-suexec-caller=%{suexec_caller} \
bdaebd
        --with-suexec-docroot=%{docroot} \
bdaebd
        --without-suexec-logfile \
bdaebd
        --with-suexec-syslog \
bdaebd
        --with-suexec-bin=%{_sbindir}/suexec \
bdaebd
        --with-suexec-uidmin=1000 --with-suexec-gidmin=1000 \
bdaebd
        --with-brotli \
bdaebd
        --enable-pie \
bdaebd
        --with-pcre \
bdaebd
        --enable-mods-shared=all \
bdaebd
        --enable-ssl --with-ssl --disable-distcache \
bdaebd
        --enable-proxy --enable-proxy-fdpass \
bdaebd
        --enable-cache \
bdaebd
        --enable-disk-cache \
bdaebd
        --enable-ldap --enable-authnz-ldap \
bdaebd
        --enable-cgid --enable-cgi \
bdaebd
        --enable-authn-anon --enable-authn-alias \
bdaebd
        --disable-imagemap --disable-file-cache \
bdaebd
        --disable-http2 \
bdaebd
        $*
bdaebd
make %{?_smp_mflags}
bdaebd
bdaebd
%install
bdaebd
rm -rf $RPM_BUILD_ROOT
bdaebd
bdaebd
make DESTDIR=$RPM_BUILD_ROOT install
bdaebd
bdaebd
# Install systemd service files
bdaebd
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
bdaebd
for s in httpd.service htcacheclean.service httpd.socket \
bdaebd
         httpd@.service httpd-init.service; do
bdaebd
  install -p -m 644 $RPM_SOURCE_DIR/${s} \
bdaebd
                    $RPM_BUILD_ROOT%{_unitdir}/${s}
bdaebd
done
bdaebd
bdaebd
# install conf file/directory
bdaebd
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \
bdaebd
      $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d
bdaebd
install -m 644 $RPM_SOURCE_DIR/README.confd \
bdaebd
    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
bdaebd
install -m 644 $RPM_SOURCE_DIR/README.confmod \
bdaebd
    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README
bdaebd
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
bdaebd
         00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
bdaebd
         01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf \
bdaebd
         01-md.conf; do
bdaebd
  install -m 644 -p $RPM_SOURCE_DIR/$f \
bdaebd
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
bdaebd
done
bdaebd
bdaebd
sed -i '/^#LoadModule mpm_%{mpm}_module /s/^#//' \
bdaebd
     $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/00-mpm.conf
bdaebd
touch -r $RPM_SOURCE_DIR/00-mpm.conf \
bdaebd
     $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/00-mpm.conf
bdaebd
bdaebd
# install systemd override drop directory
bdaebd
# Web application packages can drop snippets into this location if
bdaebd
# they need ExecStart[pre|post].
bdaebd
mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d
bdaebd
mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d
bdaebd
bdaebd
install -m 644 -p $RPM_SOURCE_DIR/10-listen443.conf \
bdaebd
      $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d/10-listen443.conf
bdaebd
bdaebd
for f in welcome.conf ssl.conf manual.conf userdir.conf; do
bdaebd
  install -m 644 -p $RPM_SOURCE_DIR/$f \
bdaebd
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f
bdaebd
done
bdaebd
bdaebd
# Split-out extra config shipped as default in conf.d:
bdaebd
for f in autoindex; do
bdaebd
  install -m 644 docs/conf/extra/httpd-${f}.conf \
bdaebd
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/${f}.conf
bdaebd
done
bdaebd
bdaebd
# Extra config trimmed:
bdaebd
rm -v docs/conf/extra/httpd-{ssl,userdir}.conf
bdaebd
bdaebd
rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf
bdaebd
install -m 644 -p $RPM_SOURCE_DIR/httpd.conf \
bdaebd
   $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf
bdaebd
bdaebd
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
bdaebd
install -m 644 -p $RPM_SOURCE_DIR/htcacheclean.sysconf \
bdaebd
   $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/htcacheclean
bdaebd
bdaebd
# tmpfiles.d configuration
bdaebd
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d 
bdaebd
install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \
bdaebd
   $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd.conf
bdaebd
bdaebd
# Other directories
bdaebd
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
bdaebd
         $RPM_BUILD_ROOT%{_localstatedir}/lib/httpd \
bdaebd
         $RPM_BUILD_ROOT/run/httpd/htcacheclean
bdaebd
bdaebd
# Substitute in defaults which are usually done (badly) by "make install"
bdaebd
sed -i \
bdaebd
   "s,@@ServerRoot@@/var,%{_localstatedir}/lib/dav,;
bdaebd
    s,@@ServerRoot@@/user.passwd,/etc/httpd/conf/user.passwd,;
bdaebd
    s,@@ServerRoot@@/docs,%{docroot},;
bdaebd
    s,@@ServerRoot@@,%{docroot},;
bdaebd
    s,@@Port@@,80,;" \
bdaebd
    docs/conf/extra/*.conf
bdaebd
bdaebd
# Create cache directory
bdaebd
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd \
bdaebd
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/proxy \
bdaebd
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/ssl
bdaebd
bdaebd
# Make the MMN accessible to module packages
bdaebd
echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn
bdaebd
mkdir -p $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d
bdaebd
cat > $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d/macros.httpd <
bdaebd
%%_httpd_mmn %{mmnisa}
bdaebd
%%_httpd_apxs %%{_bindir}/apxs
bdaebd
%%_httpd_modconfdir %%{_sysconfdir}/httpd/conf.modules.d
bdaebd
%%_httpd_confdir %%{_sysconfdir}/httpd/conf.d
bdaebd
%%_httpd_contentdir %{contentdir}
bdaebd
%%_httpd_moddir %%{_libdir}/httpd/modules
bdaebd
EOF
bdaebd
bdaebd
# Handle contentdir
bdaebd
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
bdaebd
install -m 644 -p $RPM_SOURCE_DIR/index.html \
bdaebd
        $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
bdaebd
rm -rf %{contentdir}/htdocs
bdaebd
bdaebd
# remove manual sources
bdaebd
find $RPM_BUILD_ROOT%{contentdir}/manual \( \
bdaebd
    -name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \
bdaebd
    \) -print0 | xargs -0 rm -f
bdaebd
bdaebd
# Strip the manual down just to English and replace the typemaps with flat files:
bdaebd
set +x
bdaebd
for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do
bdaebd
   if test -f ${f}.en; then
bdaebd
      cp ${f}.en ${f}
bdaebd
      rm ${f}.*
bdaebd
   fi
bdaebd
done
bdaebd
set -x
bdaebd
bdaebd
# Clean Document Root
bdaebd
rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
bdaebd
      $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
bdaebd
bdaebd
# Symlink for the powered-by-$DISTRO image:
bdaebd
ln -s ../../pixmaps/poweredby.png \
bdaebd
        $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
bdaebd
bdaebd
# symlinks for /etc/httpd
bdaebd
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
bdaebd
ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state
bdaebd
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
bdaebd
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
bdaebd
bdaebd
# install http-ssl-pass-dialog
bdaebd
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
bdaebd
install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \
bdaebd
	$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
bdaebd
bdaebd
# install http-ssl-gencerts
bdaebd
install -m755 $RPM_SOURCE_DIR/httpd-ssl-gencerts \
bdaebd
	$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts
bdaebd
bdaebd
# Install action scripts
bdaebd
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd
bdaebd
for f in graceful configtest; do
bdaebd
    install -p -m 755 $RPM_SOURCE_DIR/action-${f}.sh \
bdaebd
            $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd/${f}
bdaebd
done
bdaebd
bdaebd
# Install logrotate config
bdaebd
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
bdaebd
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
bdaebd
	$RPM_BUILD_ROOT/etc/logrotate.d/httpd
bdaebd
bdaebd
# Install man pages
bdaebd
install -d $RPM_BUILD_ROOT%{_mandir}/man8 $RPM_BUILD_ROOT%{_mandir}/man5
bdaebd
install -m 644 -p httpd.service.8 httpd-init.service.8 httpd.socket.8 \
bdaebd
        httpd@.service.8  htcacheclean.service.8 \
bdaebd
        $RPM_BUILD_ROOT%{_mandir}/man8
bdaebd
install -m 644 -p httpd.conf.5 \
bdaebd
        $RPM_BUILD_ROOT%{_mandir}/man5
bdaebd
bdaebd
# fix man page paths
bdaebd
sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \
bdaebd
    -e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \
bdaebd
    -e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \
bdaebd
    -e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \
bdaebd
    -e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \
bdaebd
    -e "s|/usr/local/apache2/logs/httpd.pid|/run/httpd/httpd.pid|" \
bdaebd
    -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \
bdaebd
  > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8
bdaebd
bdaebd
# Make ap_config_layout.h libdir-agnostic
bdaebd
sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \
bdaebd
    $RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h
bdaebd
bdaebd
# Fix path to instdso in special.mk
bdaebd
sed -i '/instdso/s,top_srcdir,top_builddir,' \
bdaebd
    $RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk
bdaebd
bdaebd
# Remove unpackaged files
bdaebd
rm -vf \
bdaebd
      $RPM_BUILD_ROOT%{_libdir}/*.exp \
bdaebd
      $RPM_BUILD_ROOT/etc/httpd/conf/mime.types \
bdaebd
      $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \
bdaebd
      $RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \
bdaebd
      $RPM_BUILD_ROOT%{_bindir}/{ap?-config,dbmmanage} \
bdaebd
      $RPM_BUILD_ROOT%{_sbindir}/{checkgid,envvars*} \
bdaebd
      $RPM_BUILD_ROOT%{contentdir}/htdocs/* \
bdaebd
      $RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \
bdaebd
      $RPM_BUILD_ROOT%{contentdir}/cgi-bin/*
bdaebd
bdaebd
rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra}
bdaebd
bdaebd
%pre filesystem
bdaebd
getent group apache >/dev/null || groupadd -g 48 -r apache
bdaebd
getent passwd apache >/dev/null || \
bdaebd
  useradd -r -u 48 -g apache -s /sbin/nologin \
bdaebd
    -d %{contentdir} -c "Apache" apache
bdaebd
exit 0
bdaebd
bdaebd
%post
bdaebd
%systemd_post httpd.service htcacheclean.service httpd.socket
bdaebd
bdaebd
%preun
bdaebd
%systemd_preun httpd.service htcacheclean.service httpd.socket
bdaebd
bdaebd
%postun
bdaebd
%systemd_postun
bdaebd
bdaebd
# Trigger for conversion from SysV, per guidelines at:
bdaebd
# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd
bdaebd
%triggerun -- httpd < 2.2.21-5
bdaebd
# Save the current service runlevel info
bdaebd
# User must manually run systemd-sysv-convert --apply httpd
bdaebd
# to migrate them to systemd targets
bdaebd
/usr/bin/systemd-sysv-convert --save httpd.service >/dev/null 2>&1 ||:
bdaebd
bdaebd
# Run these because the SysV package being removed won't do them
bdaebd
/sbin/chkconfig --del httpd >/dev/null 2>&1 || :
bdaebd
bdaebd
%posttrans
bdaebd
test -f /etc/sysconfig/httpd-disable-posttrans || \
bdaebd
  /bin/systemctl try-restart --no-block httpd.service htcacheclean.service >/dev/null 2>&1 || :
bdaebd
bdaebd
%check
bdaebd
# Check the built modules are all PIC
bdaebd
if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then
bdaebd
   : modules contain non-relocatable code
bdaebd
   exit 1
bdaebd
fi
bdaebd
set +x
bdaebd
rv=0
bdaebd
# Ensure every mod_* that's built is loaded.
bdaebd
for f in $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so; do
bdaebd
  m=${f##*/}
bdaebd
  if ! grep -q $m $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/*.conf; then
bdaebd
    echo ERROR: Module $m not configured.  Disable it, or load it.
bdaebd
    rv=1
bdaebd
  fi
bdaebd
done
bdaebd
# Ensure every loaded mod_* is actually built
bdaebd
mods=`grep -h ^LoadModule $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/*.conf | sed 's,.*modules/,,'`
bdaebd
for m in $mods; do
bdaebd
  f=$RPM_BUILD_ROOT%{_libdir}/httpd/modules/${m}
bdaebd
  if ! test -x $f; then
bdaebd
    echo ERROR: Module $m is configured but not built.
bdaebd
    rv=1
bdaebd
  fi
bdaebd
done
bdaebd
set -x
bdaebd
exit $rv
bdaebd
bdaebd
%clean
bdaebd
rm -rf $RPM_BUILD_ROOT
bdaebd
bdaebd
%files
bdaebd
%defattr(-,root,root)
bdaebd
bdaebd
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
bdaebd
%doc docs/conf/extra/*.conf
bdaebd
%doc instance.conf
bdaebd
bdaebd
%{_sysconfdir}/httpd/modules
bdaebd
%{_sysconfdir}/httpd/logs
bdaebd
%{_sysconfdir}/httpd/state
bdaebd
%{_sysconfdir}/httpd/run
bdaebd
%dir %{_sysconfdir}/httpd/conf
bdaebd
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
bdaebd
%config(noreplace) %{_sysconfdir}/httpd/conf/magic
bdaebd
bdaebd
%config(noreplace) %{_sysconfdir}/logrotate.d/httpd
bdaebd
bdaebd
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*.conf
bdaebd
%exclude %{_sysconfdir}/httpd/conf.d/ssl.conf
bdaebd
%exclude %{_sysconfdir}/httpd/conf.d/manual.conf
bdaebd
bdaebd
%dir %{_sysconfdir}/httpd/conf.modules.d
bdaebd
%{_sysconfdir}/httpd/conf.modules.d/README
bdaebd
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf
bdaebd
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
bdaebd
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
bdaebd
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
bdaebd
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
bdaebd
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-md.conf
bdaebd
bdaebd
%config(noreplace) %{_sysconfdir}/sysconfig/htcacheclean
bdaebd
%{_prefix}/lib/tmpfiles.d/httpd.conf
bdaebd
bdaebd
%dir %{_libexecdir}/initscripts/legacy-actions/httpd
bdaebd
%{_libexecdir}/initscripts/legacy-actions/httpd/*
bdaebd
bdaebd
%{_sbindir}/ht*
bdaebd
%{_sbindir}/fcgistarter
bdaebd
%{_sbindir}/apachectl
bdaebd
%{_sbindir}/rotatelogs
bdaebd
%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
bdaebd
bdaebd
%dir %{_libdir}/httpd
bdaebd
%dir %{_libdir}/httpd/modules
bdaebd
%{_libdir}/httpd/modules/mod*.so
bdaebd
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
bdaebd
%exclude %{_libdir}/httpd/modules/mod_ssl.so
bdaebd
%exclude %{_libdir}/httpd/modules/mod_md.so
bdaebd
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
bdaebd
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so
bdaebd
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so
bdaebd
%exclude %{_libdir}/httpd/modules/mod_session*.so
bdaebd
bdaebd
%dir %{contentdir}/error
bdaebd
%dir %{contentdir}/error/include
bdaebd
%dir %{contentdir}/noindex
bdaebd
%{contentdir}/icons/*
bdaebd
%{contentdir}/error/README
bdaebd
%{contentdir}/error/*.var
bdaebd
%{contentdir}/error/include/*.html
bdaebd
%{contentdir}/noindex/index.html
bdaebd
bdaebd
%attr(0710,root,apache) %dir /run/httpd
bdaebd
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
bdaebd
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
bdaebd
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
bdaebd
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/httpd
bdaebd
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
bdaebd
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
bdaebd
bdaebd
%{_mandir}/man8/*
bdaebd
%{_mandir}/man5/*
bdaebd
%exclude %{_mandir}/man8/httpd-init.*
bdaebd
bdaebd
%{_unitdir}/httpd.service
bdaebd
%{_unitdir}/httpd@.service
bdaebd
%{_unitdir}/htcacheclean.service
bdaebd
%{_unitdir}/*.socket
bdaebd
bdaebd
%files filesystem
bdaebd
%dir %{_sysconfdir}/httpd
bdaebd
%dir %{_sysconfdir}/httpd/conf.d
bdaebd
%{_sysconfdir}/httpd/conf.d/README
bdaebd
%dir %{docroot}
bdaebd
%dir %{docroot}/cgi-bin
bdaebd
%dir %{docroot}/html
bdaebd
%dir %{contentdir}
bdaebd
%dir %{contentdir}/icons
bdaebd
%attr(755,root,root) %dir %{_unitdir}/httpd.service.d
bdaebd
%attr(755,root,root) %dir %{_unitdir}/httpd.socket.d
bdaebd
bdaebd
%files tools
bdaebd
%defattr(-,root,root)
bdaebd
%{_bindir}/*
bdaebd
%{_mandir}/man1/*
bdaebd
%doc LICENSE NOTICE
bdaebd
%exclude %{_bindir}/apxs
bdaebd
%exclude %{_mandir}/man1/apxs.1*
bdaebd
bdaebd
%files manual
bdaebd
%defattr(-,root,root)
bdaebd
%{contentdir}/manual
bdaebd
%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf
bdaebd
bdaebd
%files -n mod_ssl
bdaebd
%defattr(-,root,root)
bdaebd
%{_libdir}/httpd/modules/mod_ssl.so
bdaebd
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
bdaebd
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
bdaebd
%attr(0700,apache,root) %dir %{_localstatedir}/cache/httpd/ssl
bdaebd
%{_unitdir}/httpd-init.service
bdaebd
%{_libexecdir}/httpd-ssl-pass-dialog
bdaebd
%{_libexecdir}/httpd-ssl-gencerts
bdaebd
%{_unitdir}/httpd.socket.d/10-listen443.conf
bdaebd
%{_mandir}/man8/httpd-init.*
bdaebd
bdaebd
%files -n mod_proxy_html
bdaebd
%defattr(-,root,root)
bdaebd
%{_libdir}/httpd/modules/mod_proxy_html.so
bdaebd
%{_libdir}/httpd/modules/mod_xml2enc.so
bdaebd
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
bdaebd
bdaebd
%files -n mod_ldap
bdaebd
%defattr(-,root,root)
bdaebd
%{_libdir}/httpd/modules/mod_*ldap.so
bdaebd
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
bdaebd
bdaebd
%files -n mod_session
bdaebd
%defattr(-,root,root)
bdaebd
%{_libdir}/httpd/modules/mod_session*.so
bdaebd
%{_libdir}/httpd/modules/mod_auth_form.so
bdaebd
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
bdaebd
bdaebd
%files -n mod_md
bdaebd
%defattr(-,root,root)
bdaebd
%{_libdir}/httpd/modules/mod_md.so
bdaebd
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-md.conf
bdaebd
bdaebd
%files devel
bdaebd
%defattr(-,root,root)
bdaebd
%{_includedir}/httpd
bdaebd
%{_bindir}/apxs
bdaebd
%{_mandir}/man1/apxs.1*
bdaebd
%dir %{_libdir}/httpd/build
bdaebd
%{_libdir}/httpd/build/*.mk
bdaebd
%{_libdir}/httpd/build/*.sh
bdaebd
%{_rpmconfigdir}/macros.d/macros.httpd
bdaebd
bdaebd
%changelog
fd1b79
* Fri Aug 02 2019 CentOS Sources <bugs@centos.org> - 2.4.37-12.el8.centos
fd1b79
- Apply debranding changes
fd1b79
bdaebd
* Wed Jun 12 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-12
bdaebd
- Resolves: #1696142 - CVE-2019-0217 httpd:2.4/httpd: mod_auth_digest: access
bdaebd
  control bypass due to race condition
bdaebd
- Resolves: #1696097 - CVE-2019-0220 httpd:2.4/httpd: URL normalization
bdaebd
  inconsistency
bdaebd
- Resolves: #1669221 - `ExtendedStatus Off` directive when using mod_systemd
bdaebd
  causes systemctl to hang
bdaebd
- Resolves: #1673022 - httpd can not be started with mod_md enabled
bdaebd
bdaebd
* Mon Apr 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-11
bdaebd
- Resolves: #1695432 - CVE-2019-0211 httpd: privilege escalation
bdaebd
  from modules scripts
bdaebd
- Resolves: #1696091 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control 
bdaebd
  bypass when using per-location client certification authentication
bdaebd
bdaebd
* Wed Feb 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-10
bdaebd
- Resolves: #1672977 - state-dir corruption on reload 
bdaebd
bdaebd
* Tue Feb 05 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-9
bdaebd
- Resolves: #1670716 - Coredump when starting in FIPS mode
bdaebd
bdaebd
* Fri Feb  1 2019 Joe Orton <jorton@redhat.com> - 2.4.37-8
bdaebd
- add security fix for CVE-2019-0190 (#1671282)
bdaebd
bdaebd
* Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 2.4.37-7
bdaebd
- add DefaultStateDir/ap_state_dir_relative() (#1653009)
bdaebd
- mod_dav_fs: use state dir for default DAVLockDB
bdaebd
- mod_md: use state dir for default MDStoreDir
bdaebd
bdaebd
* Mon Dec 10 2018 Joe Orton <jorton@redhat.com> - 2.4.37-6
bdaebd
- add httpd.conf(5) (#1611361)
bdaebd
bdaebd
* Mon Nov 26 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-5
bdaebd
- Resolves: #1652966 - Missing RELEASE in http header
bdaebd
bdaebd
* Fri Nov 23 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-4
bdaebd
- Resolves: #1641951 - No Documentation= line in htcacheclean.service files
bdaebd
bdaebd
* Fri Nov 23 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-3
bdaebd
- Resolves: #1643713 - TLS connection allowed while all protocols are forbidden
bdaebd
bdaebd
* Thu Nov 22 2018 Joe Orton <jorton@redhat.com> - 2.4.37-2
bdaebd
- mod_ssl: fix off-by-one causing crashes in CGI children (#1649428)
bdaebd
bdaebd
* Wed Nov 21 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-1
bdaebd
- Resolves: #1644625 - httpd rebase to 2.4.37
bdaebd
bdaebd
* Thu Oct 18 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.35-10
bdaebd
- Related: #1493510 - RFE: httpd, add IP_FREEBIND support for Listen
bdaebd
bdaebd
* Tue Oct 16 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-9
bdaebd
- mod_ssl: allow sending multiple CA names which differ only in case
bdaebd
bdaebd
* Tue Oct 16 2018 Joe Orton <jorton@redhat.com> - 2.4.35-7
bdaebd
- mod_ssl: drop SSLRandomSeed from default config (#1638730)
bdaebd
- mod_ssl: follow OpenSSL protocol defaults if SSLProtocol
bdaebd
     is not configured (Rob Crittenden, #1638738)
bdaebd
bdaebd
* Mon Oct 15 2018 Joe Orton <jorton@redhat.com> - 2.4.35-5
bdaebd
- mod_ssl: don't require SSLCryptoDevice to be set for PKCS#11 cert
bdaebd
bdaebd
* Mon Oct 15 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-4
bdaebd
- Resolves: #1635681 - sync with Fedora 28/29 httpd
bdaebd
- comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in default
bdaebd
  configuration; now follow OpenSSL system default (#1468322)
bdaebd
- dropped NPN support
bdaebd
- mod_md: change hard-coded default MdStoreDir to state/md (#1563846)
bdaebd
- don't block on service try-restart in posttrans scriptlet
bdaebd
- build and load mod_brotli
bdaebd
- mod_systemd: show bound ports in status and log to journal
bdaebd
  at startup
bdaebd
- updated httpd.service.xml man page
bdaebd
- tweak wording in privkey passphrase prompt
bdaebd
- drop sslmultiproxy patch
bdaebd
- apachectl: don't read /etc/sysconfig/httpd
bdaebd
- drop irrelevant Obsoletes for devel subpackage
bdaebd
- move instantiated httpd@.service to main httpd package
bdaebd
bdaebd
* Mon Oct 15 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-3
bdaebd
- Resolves: #1602548 - various covscan fixes
bdaebd
bdaebd
* Thu Sep 27 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-2
bdaebd
- apache httpd can work with TLS 1.3 (#1617997)
bdaebd
- drop SSLv3 support patch
bdaebd
bdaebd
* Thu Sep 27 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-1
bdaebd
- new version 2.4.35 (#1632754)
bdaebd
bdaebd
* Mon Sep 03 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.33-4
bdaebd
- mod_ssl: enable SSLv3 and change behavior of "SSLProtocol All" 
bdaebd
  configuration (#1622630)
bdaebd
bdaebd
* Thu Jul 26 2018 Joe Orton <jorton@redhat.com> - 2.4.33-3
bdaebd
- mod_ssl: add PKCS#11 cert/key support (Anderson Sasaki, #1527084)
bdaebd
bdaebd
* Mon Apr 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.33-2
bdaebd
- new version 2.4.33
bdaebd
- add mod_md subpackage; load mod_proxy_uwsgi by default
bdaebd
bdaebd
* Mon Apr 30 2018 Joe Orton <jorton@redhat.com> - 2.4.28-8
bdaebd
- remove %%ghosted /etc/sysconfig/httpd (#1572676)
bdaebd
bdaebd
* Wed Mar 07 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.28-2
bdaebd
- Resolves: #1512563 - httpd: update welcome page branding
bdaebd
- Resolves: #1511123 - RFE: httpd use event MPM by default
bdaebd
- Resolves: #1493510 - RFE: httpd, add IP_FREEBIND support for Listen
bdaebd
bdaebd
* Fri Oct 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.28-1
bdaebd
- new version 2.4.28
bdaebd
bdaebd
* Tue Oct  3 2017 Joe Orton <jorton@redhat.com> - 2.4.27-14
bdaebd
- add notes on enabling httpd_graceful_shutdown boolean for prefork
bdaebd
bdaebd
* Fri Sep 22 2017 Joe Orton <jorton@redhat.com> - 2.4.27-13
bdaebd
- drop Requires(post) for mod_ssl
bdaebd
bdaebd
* Fri Sep 22 2017 Joe Orton <jorton@redhat.com> - 2.4.27-12
bdaebd
- better error handling in httpd-ssl-gencerts (#1494556)
bdaebd
bdaebd
* Thu Sep 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-11
bdaebd
- Require sscg 2.2.0 for creating service and CA certificates together
bdaebd
bdaebd
* Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-10
bdaebd
- Address CVE-2017-9798 by applying patch from upstream (#1490344)
bdaebd
bdaebd
* Thu Sep 21 2017 Joe Orton <jorton@redhat.com> - 2.4.27-9
bdaebd
- use sscg defaults; append CA cert to generated cert
bdaebd
- document httpd-init.service in httpd-init.service(8)
bdaebd
bdaebd
* Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-8
bdaebd
- Address CVE-2017-9798 by applying patch from upstream (#1490344)
bdaebd
bdaebd
* Wed Sep 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-8.1
bdaebd
- Generate SSL certificates on service start, not %%posttrans
bdaebd
bdaebd
* Tue Sep 19 2017 Joe Orton <jorton@redhat.com> - 2.4.27-8.1
bdaebd
- move httpd.service.d, httpd.socket.d dirs to -filesystem
bdaebd
bdaebd
* Wed Sep 13 2017 Joe Orton <jorton@redhat.com> - 2.4.27-7
bdaebd
- add new content-length filter (upstream PR 61222)
bdaebd
bdaebd
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.27-6
bdaebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
bdaebd
bdaebd
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.27-5
bdaebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
bdaebd
bdaebd
* Tue Jul 18 2017 Joe Orton <jorton@redhat.com> - 2.4.27-4
bdaebd
- update mod_systemd (r1802251)
bdaebd
bdaebd
* Mon Jul 17 2017 Joe Orton <jorton@redhat.com> - 2.4.27-3
bdaebd
- switch to event by default for Fedora 27 and later (#1471708)
bdaebd
bdaebd
* Wed Jul 12 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.27-2
bdaebd
- Resolves: #1469959 - httpd update cleaned out /etc/sysconfig
bdaebd
bdaebd
* Mon Jul 10 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.27-1
bdaebd
- new version 2.4.27
bdaebd
bdaebd
* Fri Jun 30 2017 Joe Orton <jorton@redhat.com> - 2.4.26-2
bdaebd
- mod_proxy_fcgi: fix further regressions (PR 61202)
bdaebd
bdaebd
* Mon Jun 19 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.26-1
bdaebd
- new version 2.4.26
bdaebd
bdaebd
* Mon Jun  5 2017 Joe Orton <jorton@redhat.com> - 2.4.25-10
bdaebd
- move unit man pages to section 8, add as Documentation= in units
bdaebd
bdaebd
* Fri May 19 2017 Joe Orton <jorton@redhat.com> - 2.4.25-9
bdaebd
- add httpd.service(5) and httpd.socket(5) man pages
bdaebd
bdaebd
* Tue May 16 2017 Joe Orton <jorton@redhat.com> - 2.4.25-8
bdaebd
- require mod_http2, now packaged separately
bdaebd
bdaebd
* Wed Mar 29 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.25-7
bdaebd
- Resolves: #1397243 - Backport Apache Bug 53098 - mod_proxy_ajp:
bdaebd
  patch to set worker secret passed to tomcat
bdaebd
bdaebd
* Tue Mar 28 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.25-6
bdaebd
- Resolves: #1434916 - httpd.service: Failed with result timeout
bdaebd
bdaebd
* Fri Mar 24 2017 Joe Orton <jorton@redhat.com> - 2.4.25-5
bdaebd
- link only httpd, not support/* against -lselinux -lsystemd
bdaebd
bdaebd
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.25-4
bdaebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
bdaebd
bdaebd
* Thu Jan 12 2017 Joe Orton <jorton@redhat.com> - 2.4.25-3
bdaebd
- mod_watchdog: restrict thread lifetime (#1410883)
bdaebd
bdaebd
* Thu Dec 22 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.25-2
bdaebd
- Resolves: #1358875 - require nghttp2 >= 1.5.0
bdaebd
bdaebd
* Thu Dec 22 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.25-1
bdaebd
- new version 2.4.25
bdaebd
bdaebd
* Mon Dec 05 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.23-7
bdaebd
- Resolves: #1401530 - CVE-2016-8740 httpd: Incomplete handling of
bdaebd
  LimitRequestFields directive in mod_http2
bdaebd
bdaebd
* Mon Nov 14 2016 Joe Orton <jorton@redhat.com> - 2.4.23-6
bdaebd
- fix build with OpenSSL 1.1 (#1392900)
bdaebd
- fix typos in ssl.conf (josef randinger, #1379407)
bdaebd
bdaebd
* Wed Nov  2 2016 Joe Orton <jorton@redhat.com> - 2.4.23-5
bdaebd
- no longer package /etc/sysconfig/httpd
bdaebd
- synch ssl.conf with upstream
bdaebd
bdaebd
* Mon Jul 18 2016 Joe Orton <jorton@redhat.com> - 2.4.23-4
bdaebd
- add security fix for CVE-2016-5387
bdaebd
bdaebd
* Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.23-3
bdaebd
- load mod_watchdog by default (#1353582)
bdaebd
bdaebd
* Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.23-2
bdaebd
- restore build of mod_proxy_fdpass (#1325883)
bdaebd
- improve check tests to catch configured-but-not-built modules
bdaebd
bdaebd
* Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.23-1
bdaebd
- update to 2.4.23 (#1325883, #1353203)
bdaebd
- load mod_proxy_hcheck
bdaebd
- recommend use of "systemctl edit" in httpd.service
bdaebd
bdaebd
* Thu Apr  7 2016 Joe Orton <jorton@redhat.com> - 2.4.18-6
bdaebd
- have "apachectl graceful" start httpd if not running, per man page
bdaebd
bdaebd
* Wed Apr  6 2016 Joe Orton <jorton@redhat.com> - 2.4.18-5
bdaebd
- use redirects for lang-specific /manual/ URLs
bdaebd
bdaebd
* Fri Mar 18 2016 Joe Orton <jorton@redhat.com> - 2.4.18-4
bdaebd
- fix welcome page HTML validity (Ville Skyttä)
bdaebd
bdaebd
* Fri Mar 18 2016 Joe Orton <jorton@redhat.com> - 2.4.18-3
bdaebd
- remove httpd pre script (duplicate of httpd-filesystem's)
bdaebd
- in httpd-filesystem pre script, create group/user iff non-existent
bdaebd
bdaebd
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.18-2
bdaebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
bdaebd
bdaebd
* Mon Dec 14 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.18-1
bdaebd
- update to new version 2.4.18
bdaebd
bdaebd
* Wed Dec  9 2015 Joe Orton <jorton@redhat.com> - 2.4.17-4
bdaebd
- re-enable mod_asis due to popular demand (#1284315)
bdaebd
bdaebd
* Mon Oct 26 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.17-3
bdaebd
- fix crash when using -X argument (#1272234)
bdaebd
bdaebd
* Wed Oct 14 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.17-2
bdaebd
- rebase socket activation patch to 2.4.17
bdaebd
bdaebd
* Tue Oct 13 2015 Joe Orton <jorton@redhat.com> - 2.4.17-1
bdaebd
- update to 2.4.17 (#1271224)
bdaebd
- build, load mod_http2
bdaebd
- don't build mod_asis, mod_file_cache
bdaebd
- load mod_cache_socache, mod_proxy_wstunnel by default
bdaebd
- check every built mod_* is configured
bdaebd
- synch ssl.conf with upstream; disable SSLv3 by default
bdaebd
bdaebd
* Wed Jul 15 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.12-4
bdaebd
- update to 2.4.16
bdaebd
bdaebd
* Tue Jul  7 2015 Joe Orton <jorton@redhat.com> - 2.4.12-3
bdaebd
- mod_ssl: use "localhost" in the dummy SSL cert if len(FQDN) > 59 chars
bdaebd
bdaebd
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.12-2
bdaebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
bdaebd
bdaebd
* Fri Mar 27 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.12-1
bdaebd
- update to 2.4.12
bdaebd
bdaebd
* Tue Mar 24 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-17
bdaebd
- fix compilation with lua-5.3
bdaebd
bdaebd
* Tue Mar 24 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-16
bdaebd
- remove filter for auto-provides of httpd modules, it is not needed since F20
bdaebd
bdaebd
* Wed Dec 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-15
bdaebd
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
bdaebd
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
bdaebd
- mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)
bdaebd
- mod_lua: fix handling of the Require line when a LuaAuthzProvider is used
bdaebd
  in multiple Require directives with different arguments (CVE-2014-8109)
bdaebd
bdaebd
* Tue Oct 14 2014 Joe Orton <jorton@redhat.com> - 2.4.10-14
bdaebd
- require apr-util 1.5.x
bdaebd
bdaebd
* Thu Sep 18 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-13
bdaebd
- use NoDelay and DeferAcceptSec in httpd.socket
bdaebd
bdaebd
* Mon Sep 08 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-12
bdaebd
- increase suexec minimum acceptable uid/gid to 1000 (#1136391)
bdaebd
bdaebd
* Wed Sep 03 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-11
bdaebd
- fix hostname requirement and conflict with openssl-libs
bdaebd
bdaebd
* Mon Sep 01 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-10
bdaebd
- use KillMode=mixed in httpd.service (#1135122)
bdaebd
bdaebd
* Fri Aug 29 2014 Joe Orton <jorton@redhat.com> - 2.4.10-9
bdaebd
- set vstring based on /etc/os-release (Pat Riehecky, #1114539)
bdaebd
bdaebd
* Fri Aug 29 2014 Joe Orton <jorton@redhat.com> - 2.4.10-8
bdaebd
- pull in httpd-filesystem as Requires(pre) (#1128328)
bdaebd
- fix cipher selection in default ssl.conf, depend on new OpenSSL (#1134348)
bdaebd
- require hostname for mod_ssl post script (#1135118)
bdaebd
bdaebd
* Fri Aug 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-7
bdaebd
- mod_systemd: updated to the latest version
bdaebd
- use -lsystemd instead of -lsystemd-daemon (#1125084)
bdaebd
- fix possible crash in SIGINT handling (#958934)
bdaebd
bdaebd
* Thu Aug 21 2014 Joe Orton <jorton@redhat.com> - 2.4.10-6
bdaebd
- mod_ssl: treat "SSLCipherSuite PROFILE=..." as special (#1109119)
bdaebd
- switch default ssl.conf to use PROFILE=SYSTEM (#1109119)
bdaebd
bdaebd
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.10-5
bdaebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
bdaebd
bdaebd
* Fri Aug 15 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-4
bdaebd
- add /usr/bin/useradd dependency to -filesystem requires
bdaebd
bdaebd
* Thu Aug 14 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-3
bdaebd
- fix creating apache user in pre script (#1128328)
bdaebd
bdaebd
* Thu Jul 31 2014 Joe Orton <jorton@redhat.com> - 2.4.10-2
bdaebd
- enable mod_request by default for mod_auth_form
bdaebd
- move disabled-by-default modules from 00-base.conf to 00-optional.conf
bdaebd
bdaebd
* Mon Jul 21 2014 Joe Orton <jorton@redhat.com> - 2.4.10-1
bdaebd
- update to 2.4.10
bdaebd
- expand variables in docdir example configs
bdaebd
bdaebd
* Tue Jul 08 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-8
bdaebd
- add support for systemd socket activation (#1111648)
bdaebd
bdaebd
* Mon Jul 07 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-7
bdaebd
- remove conf.modules.d from httpd-filesystem subpackage (#1081453)
bdaebd
bdaebd
* Mon Jul 07 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-6
bdaebd
- add httpd-filesystem subpackage (#1081453)
bdaebd
bdaebd
* Fri Jun 20 2014 Joe Orton <jorton@redhat.com> - 2.4.9-5
bdaebd
- mod_ssl: don't use the default OpenSSL cipher suite in ssl.conf (#1109119)
bdaebd
bdaebd
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.9-4
bdaebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
bdaebd
bdaebd
* Fri Mar 28 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-3
bdaebd
- add support for SetHandler + proxy (#1078970)
bdaebd
bdaebd
* Thu Mar 27 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-2
bdaebd
- move macros from /etc/rpm to macros.d (#1074277)
bdaebd
- remove unused patches
bdaebd
bdaebd
* Mon Mar 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-1
bdaebd
- update to 2.4.9
bdaebd
bdaebd
* Fri Feb 28 2014 Joe Orton <jorton@redhat.com> - 2.4.7-6
bdaebd
- use 2048-bit RSA key with SHA-256 signature in dummy certificate
bdaebd
bdaebd
* Fri Feb 28 2014 Stephen Gallagher <sgallagh@redhat.com> 2.4.7-5
bdaebd
- Create drop directory for systemd snippets
bdaebd
bdaebd
* Thu Feb 27 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.7-4
bdaebd
- remove provides of old MMN, because it contained double-dash (#1068851)
bdaebd
bdaebd
* Thu Feb 20 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.7-3
bdaebd
- fix graceful restart using legacy actions
bdaebd
bdaebd
* Thu Dec 12 2013 Joe Orton <jorton@redhat.com> - 2.4.7-2
bdaebd
- conflict with pre-1.5.0 APR
bdaebd
- fix sslsninotreq patch
bdaebd
bdaebd
* Wed Nov 27 2013 Joe Orton <jorton@redhat.com> - 2.4.7-1
bdaebd
- update to 2.4.7 (#1034071)
bdaebd
bdaebd
* Fri Nov 22 2013 Joe Orton <jorton@redhat.com> - 2.4.6-10
bdaebd
- switch to requiring system-logos-httpd (#1031288)
bdaebd
bdaebd
* Tue Nov 12 2013 Joe Orton <jorton@redhat.com> - 2.4.6-9
bdaebd
- change mmnisa to drop "-" altogether
bdaebd
bdaebd
* Tue Nov 12 2013 Joe Orton <jorton@redhat.com> - 2.4.6-8
bdaebd
- drop ambiguous invalid "-" in RHS of httpd-mmn Provide, keeping old Provide
bdaebd
  for transition
bdaebd
bdaebd
* Fri Nov  1 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-7
bdaebd
- systemd: use {MAINPID} notation to ensure /bin/kill has always the second arg
bdaebd
bdaebd
* Thu Oct 31 2013 Joe Orton <jorton@redhat.com> - 2.4.6-6
bdaebd
- mod_ssl: allow SSLEngine to override Listen-based default (r1537535)
bdaebd
bdaebd
* Thu Oct 24 2013 Jan kaluza <jkaluza@redhat.com> - 2.4.6-5
bdaebd
- systemd: send SIGWINCH signal without httpd -k in ExecStop
bdaebd
bdaebd
* Mon Oct 21 2013 Joe Orton <jorton@redhat.com> - 2.4.6-4
bdaebd
- load mod_macro by default (#998452)
bdaebd
- add README to conf.modules.d
bdaebd
- mod_proxy_http: add possible fix for threading issues (r1534321)
bdaebd
- core: add fix for truncated output with CGI scripts (r1530793)
bdaebd
bdaebd
* Thu Oct 10 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-3
bdaebd
- require fedora-logos-httpd (#1009162)
bdaebd
bdaebd
* Wed Jul 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-2
bdaebd
- revert fix for dumping vhosts twice
bdaebd
bdaebd
* Mon Jul 22 2013 Joe Orton <jorton@redhat.com> - 2.4.6-1
bdaebd
- update to 2.4.6
bdaebd
- mod_ssl: use revised NPN API (r1487772)
bdaebd
bdaebd
* Thu Jul 11 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-12
bdaebd
- mod_unique_id: replace use of hostname + pid with PRNG output (#976666)
bdaebd
- apxs: mention -p option in manpage
bdaebd
bdaebd
* Tue Jul  2 2013 Joe Orton <jorton@redhat.com> - 2.4.4-11
bdaebd
- add patch for aarch64 (Dennis Gilmore, #925558)
bdaebd
bdaebd
* Mon Jul  1 2013 Joe Orton <jorton@redhat.com> - 2.4.4-10
bdaebd
- remove duplicate apxs man page from httpd-tools
bdaebd
bdaebd
* Mon Jun 17 2013 Joe Orton <jorton@redhat.com> - 2.4.4-9
bdaebd
- remove zombie dbmmanage script
bdaebd
bdaebd
* Fri May 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-8
bdaebd
- return 400 Bad Request on malformed Host header
bdaebd
bdaebd
* Fri May 24 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-7
bdaebd
- ignore /etc/sysconfig/httpd and document systemd way of setting env variables
bdaebd
  in this file
bdaebd
bdaebd
* Mon May 20 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-6
bdaebd
- htpasswd/htdbm: fix hash generation bug (#956344)
bdaebd
- do not dump vhosts twice in httpd -S output (#928761)
bdaebd
- mod_cache: fix potential crash caused by uninitialized variable (#954109)
bdaebd
bdaebd
* Thu Apr 18 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-5
bdaebd
- execute systemctl reload as result of apachectl graceful
bdaebd
- mod_ssl: ignore SNI hints unless required by config
bdaebd
- mod_cache: forward-port CacheMaxExpire "hard" option
bdaebd
- mod_ssl: fall back on another module's proxy hook if mod_ssl proxy
bdaebd
  is not configured.
bdaebd
bdaebd
* Tue Apr 16 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-4
bdaebd
- fix service file to not send SIGTERM after ExecStop (#906321, #912288)
bdaebd
bdaebd
* Tue Mar 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-3
bdaebd
- protect MIMEMagicFile with IfModule (#893949)
bdaebd
bdaebd
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-2
bdaebd
- really package mod_auth_form in mod_session (#915438)
bdaebd
bdaebd
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-1
bdaebd
- update to 2.4.4
bdaebd
- fix duplicate ownership of mod_session config (#914901)
bdaebd
bdaebd
* Fri Feb 22 2013 Joe Orton <jorton@redhat.com> - 2.4.3-17
bdaebd
- add mod_session subpackage, move mod_auth_form there (#894500)
bdaebd
bdaebd
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.3-16
bdaebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
bdaebd
bdaebd
* Tue Jan  8 2013 Joe Orton <jorton@redhat.com> - 2.4.3-15
bdaebd
- add systemd service for htcacheclean
bdaebd
bdaebd
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-14
bdaebd
- drop patch for r1344712
bdaebd
bdaebd
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-13
bdaebd
- filter mod_*.so auto-provides (thanks to rcollet)
bdaebd
- pull in syslog logging fix from upstream (r1344712)
bdaebd
bdaebd
* Fri Oct 26 2012 Joe Orton <jorton@redhat.com> - 2.4.3-12
bdaebd
- rebuild to pick up new apr-util-ldap
bdaebd
bdaebd
* Tue Oct 23 2012 Joe Orton <jorton@redhat.com> - 2.4.3-11
bdaebd
- rebuild
bdaebd
bdaebd
* Wed Oct  3 2012 Joe Orton <jorton@redhat.com> - 2.4.3-10
bdaebd
- pull upstream patch r1392850 in addition to r1387633
bdaebd
bdaebd
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9
bdaebd
- define PLATFORM in os.h using vendor string
bdaebd
bdaebd
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-8
bdaebd
- use systemd script unconditionally (#850149)
bdaebd
bdaebd
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-7
bdaebd
- use systemd scriptlets if available (#850149)
bdaebd
- don't run posttrans restart if /etc/sysconfig/httpd-disable-posttrans exists
bdaebd
bdaebd
* Mon Oct 01 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-6
bdaebd
- use systemctl from apachectl (#842736)
bdaebd
bdaebd
* Wed Sep 19 2012 Joe Orton <jorton@redhat.com> - 2.4.3-5
bdaebd
- fix some error log spam with graceful-stop (r1387633)
bdaebd
- minor mod_systemd tweaks
bdaebd
bdaebd
* Thu Sep 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-4
bdaebd
- use IncludeOptional for conf.d/*.conf inclusion
bdaebd
bdaebd
* Fri Sep 07 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-3
bdaebd
- adding mod_systemd to integrate with systemd better
bdaebd
bdaebd
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-2
bdaebd
- mod_ssl: add check for proxy keypair match (upstream r1374214)
bdaebd
bdaebd
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-1
bdaebd
- update to 2.4.3 (#849883)
bdaebd
- own the docroot (#848121)
bdaebd
bdaebd
* Mon Aug  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-23
bdaebd
- add mod_proxy fixes from upstream (r1366693, r1365604)
bdaebd
bdaebd
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-22
bdaebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
bdaebd
bdaebd
* Fri Jul  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-21
bdaebd
- drop explicit version requirement on initscripts
bdaebd
bdaebd
* Thu Jul  5 2012 Joe Orton <jorton@redhat.com> - 2.4.2-20
bdaebd
- mod_ext_filter: fix error_log warnings
bdaebd
bdaebd
* Mon Jul  2 2012 Joe Orton <jorton@redhat.com> - 2.4.2-19
bdaebd
- support "configtest" and "graceful" as initscripts "legacy actions"
bdaebd
bdaebd
* Fri Jun  8 2012 Joe Orton <jorton@redhat.com> - 2.4.2-18
bdaebd
- avoid use of "core" GIF for a "core" directory (#168776)
bdaebd
- drop use of "syslog.target" in systemd unit file
bdaebd
bdaebd
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-17
bdaebd
- use _unitdir for systemd unit file
bdaebd
- use /run in unit file, ssl.conf
bdaebd
bdaebd
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-16
bdaebd
- mod_ssl: fix NPN patch merge
bdaebd
bdaebd
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-15
bdaebd
- move tmpfiles.d fragment into /usr/lib per new guidelines
bdaebd
- package /run/httpd not /var/run/httpd
bdaebd
- set runtimedir to /run/httpd likewise
bdaebd
bdaebd
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-14
bdaebd
- fix htdbm/htpasswd crash on crypt() failure (#818684)
bdaebd
bdaebd
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-13
bdaebd
- pull fix for NPN patch from upstream (r1345599)
bdaebd
bdaebd
* Thu May 31 2012 Joe Orton <jorton@redhat.com> - 2.4.2-12
bdaebd
- update suexec patch to use LOG_AUTHPRIV facility
bdaebd
bdaebd
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-11
bdaebd
- really fix autoindex.conf (thanks to remi@)
bdaebd
bdaebd
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-10
bdaebd
- fix autoindex.conf to allow symlink to poweredby.png
bdaebd
bdaebd
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-9
bdaebd
- suexec: use upstream version of patch for capability bit support
bdaebd
bdaebd
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-8
bdaebd
- suexec: use syslog rather than suexec.log, drop dac_override capability
bdaebd
bdaebd
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-7
bdaebd
- mod_ssl: add TLS NPN support (r1332643, #809599)
bdaebd
bdaebd
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-6
bdaebd
- add BR on APR >= 1.4.0
bdaebd
bdaebd
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-5
bdaebd
- use systemctl from logrotate (#221073)
bdaebd
bdaebd
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-4
bdaebd
- pull from upstream:
bdaebd
  * use TLS close_notify alert for dummy_connection (r1326980+)
bdaebd
  * cleanup symbol exports (r1327036+)
bdaebd
bdaebd
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3
bdaebd
- really fix restart
bdaebd
bdaebd
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-2
bdaebd
- tweak default ssl.conf
bdaebd
- fix restart handling (#814645)
bdaebd
- use graceful restart by default
bdaebd
bdaebd
* Wed Apr 18 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.2-1
bdaebd
- update to 2.4.2
bdaebd
bdaebd
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-6
bdaebd
- fix macros
bdaebd
bdaebd
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-5
bdaebd
- add _httpd_moddir to macros
bdaebd
bdaebd
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-4
bdaebd
- fix symlink for poweredby.png
bdaebd
- fix manual.conf
bdaebd
bdaebd
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-3
bdaebd
- add mod_proxy_html subpackage (w/mod_proxy_html + mod_xml2enc)
bdaebd
- move mod_ldap, mod_authnz_ldap to mod_ldap subpackage
bdaebd
bdaebd
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-2
bdaebd
- clean docroot better
bdaebd
- ship proxy, ssl directories within /var/cache/httpd
bdaebd
- default config:
bdaebd
 * unrestricted access to (only) /var/www
bdaebd
 * remove (commented) Mutex, MaxRanges, ScriptSock
bdaebd
 * split autoindex config to conf.d/autoindex.conf
bdaebd
- ship additional example configs in docdir
bdaebd
bdaebd
* Tue Mar  6 2012 Joe Orton <jorton@redhat.com> - 2.4.1-1
bdaebd
- update to 2.4.1
bdaebd
- adopt upstream default httpd.conf (almost verbatim)
bdaebd
- split all LoadModules to conf.modules.d/*.conf
bdaebd
- include conf.d/*.conf at end of httpd.conf
bdaebd
- trim %%changelog
bdaebd
bdaebd
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-2
bdaebd
- fix build against PCRE 8.30
bdaebd
bdaebd
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-1
bdaebd
- update to 2.2.22
bdaebd
bdaebd
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.2.21-8
bdaebd
- Rebuild against PCRE 8.30
bdaebd
bdaebd
* Mon Jan 23 2012 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-7
bdaebd
- fix #783629 - start httpd after named
bdaebd
bdaebd
* Mon Jan 16 2012 Joe Orton <jorton@redhat.com> - 2.2.21-6
bdaebd
- complete conversion to systemd, drop init script (#770311)
bdaebd
- fix comments in /etc/sysconfig/httpd (#771024)
bdaebd
- enable PrivateTmp in service file (#781440)
bdaebd
- set LANG=C in /etc/sysconfig/httpd
bdaebd
bdaebd
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.21-5
bdaebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
bdaebd
bdaebd
* Tue Dec 06 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-4
bdaebd
- fix #751591 - start httpd after remote-fs
bdaebd
bdaebd
* Mon Oct 24 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-3
bdaebd
- allow change state of BalancerMember in mod_proxy_balancer web interface
bdaebd
bdaebd
* Thu Sep 22 2011 Ville Skyttä <ville.skytta@iki.fi> - 2.2.21-2
bdaebd
- Make mmn available as %%{_httpd_mmn}.
bdaebd
- Add .svgz to AddEncoding x-gzip example in httpd.conf.
bdaebd
bdaebd
* Tue Sep 13 2011 Joe Orton <jorton@redhat.com> - 2.2.21-1
bdaebd
- update to 2.2.21
bdaebd
bdaebd
* Mon Sep  5 2011 Joe Orton <jorton@redhat.com> - 2.2.20-1
bdaebd
- update to 2.2.20
bdaebd
- fix MPM stub man page generation
bdaebd
bdaebd
* Wed Aug 10 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-5
bdaebd
- fix #707917 - add httpd-ssl-pass-dialog to ask for SSL password using systemd
bdaebd
bdaebd
* Fri Jul 22 2011 Iain Arnell <iarnell@gmail.com> 1:2.2.19-4
bdaebd
- rebuild while rpm-4.9.1 is untagged to remove trailing slash in provided
bdaebd
  directory names
bdaebd
bdaebd
* Wed Jul 20 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-3
bdaebd
- fix #716621 - suexec now works without setuid bit
bdaebd
bdaebd
* Thu Jul 14 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-2
bdaebd
- fix #689091 - backported patch from 2.3 branch to support IPv6 in logresolve
bdaebd
bdaebd
* Fri Jul  1 2011 Joe Orton <jorton@redhat.com> - 2.2.19-1
bdaebd
- update to 2.2.19
bdaebd
- enable dbd, authn_dbd in default config
bdaebd
bdaebd
* Thu Apr 14 2011 Joe Orton <jorton@redhat.com> - 2.2.17-13
bdaebd
- fix path expansion in service files
bdaebd
bdaebd
* Tue Apr 12 2011 Joe Orton <jorton@redhat.com> - 2.2.17-12
bdaebd
- add systemd service files (#684175, thanks to Jóhann B. Guðmundsson)
bdaebd
bdaebd
* Wed Mar 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-11
bdaebd
- minor updates to httpd.conf
bdaebd
- drop old patches
bdaebd
bdaebd
* Wed Mar  2 2011 Joe Orton <jorton@redhat.com> - 2.2.17-10
bdaebd
- rebuild
bdaebd
bdaebd
* Wed Feb 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-9
bdaebd
- use arch-specific mmn
bdaebd
bdaebd
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.17-8
bdaebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
bdaebd
bdaebd
* Mon Jan 31 2011 Joe Orton <jorton@redhat.com> - 2.2.17-7
bdaebd
- generate dummy mod_ssl cert with CA:FALSE constraint (#667841)
bdaebd
- add man page stubs for httpd.event, httpd.worker
bdaebd
- drop distcache support
bdaebd
- add STOP_TIMEOUT support to init script
bdaebd
bdaebd
* Sat Jan  8 2011 Joe Orton <jorton@redhat.com> - 2.2.17-6
bdaebd
- update default SSLCipherSuite per upstream trunk
bdaebd
bdaebd
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-5
bdaebd
- fix requires (#667397)
bdaebd
bdaebd
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-4
bdaebd
- de-ghost /var/run/httpd
bdaebd
bdaebd
* Tue Jan  4 2011 Joe Orton <jorton@redhat.com> - 2.2.17-3
bdaebd
- add tmpfiles.d configuration, ghost /var/run/httpd (#656600)
bdaebd
bdaebd
* Sat Nov 20 2010 Joe Orton <jorton@redhat.com> - 2.2.17-2
bdaebd
- drop setuid bit, use capabilities for suexec binary
bdaebd
bdaebd
* Wed Oct 27 2010 Joe Orton <jorton@redhat.com> - 2.2.17-1
bdaebd
- update to 2.2.17
bdaebd
bdaebd
* Fri Sep 10 2010 Joe Orton <jorton@redhat.com> - 2.2.16-2
bdaebd
- link everything using -z relro and -z now
bdaebd
bdaebd
* Mon Jul 26 2010 Joe Orton <jorton@redhat.com> - 2.2.16-1
bdaebd
- update to 2.2.16
bdaebd
bdaebd
* Fri Jul  9 2010 Joe Orton <jorton@redhat.com> - 2.2.15-3
bdaebd
- default config tweaks:
bdaebd
 * harden httpd.conf w.r.t. .htaccess restriction (#591293)
bdaebd
 * load mod_substitute, mod_version by default
bdaebd
 * drop proxy_ajp.conf, load mod_proxy_ajp in httpd.conf
bdaebd
 * add commented list of shipped-but-unloaded modules
bdaebd
 * bump up worker defaults a little
bdaebd
 * drop KeepAliveTimeout to 5 secs per upstream
bdaebd
- fix LSB compliance in init script (#522074)
bdaebd
- bundle NOTICE in -tools
bdaebd
- use init script in logrotate postrotate to pick up PIDFILE
bdaebd
- drop some old Obsoletes/Conflicts
bdaebd
bdaebd
* Sun Apr 04 2010 Robert Scheck <robert@fedoraproject.org> - 2.2.15-1
bdaebd
- update to 2.2.15 (#572404, #579311)
bdaebd